16 March 2011, 13:49
Comparative testing of 15 antivirus programs in the new magazine C'T
At Security @ Interop, an event unfairly overlooked by many IS people, we were able to pick up the pilot (April) issue of the magazine C'T-Russia, which I gladly did. Now it is being passed from hand to hand around the whole company.

In C'T I found a very interesting and thoughtful comparative test of 15 antivirus programs. I have finally got round to "processing" this very "tasty" content. I will cite here only the introductory part of the methodology and the conclusions. This is exactly the kind of comprehensive analysis on the basis of which one can scold or praise the products of different vendors, as has recently become fashionable (and now you can).

I think that, for the team of a new magazine on computer technology, such a comprehensive test is a strong bid for leadership, because the tests are no worse than those conducted by Neil Rubenking of PC Magazine USA. Now there is something to read in Russia too: the testing was done with their own hands, described in plain language and honestly presented, which together is the "trademark" of C'T. I strongly recommend that Sergey Ilyin of Anti-Malware.ru take note.

I liked the chief editor's words about the audience and mission of the magazine (quoted):
We do not do bullshit. We are doing the most professional computer magazine in Russia ... for those who need honest and truthful information.

Respect to Shawsheen Paul, the author of the review, and to the chief editor Andrei Kokourov, who came over from CHIP. I have never had such confidence in their professionalism, but as it turned out, at CHIP everything was decided by the "easy reading" format, which in recent years too many media and test labs have been guilty of.

Well, I have sung the praises of the magazine, so you can proceed to the reading. :)



Big Hunt

Trojans, spyware, bots: everything here seems to be as before, and yet it is different. Every hour the virus "zoo" of the virus labs grows by more than a thousand newcomers. And judging by the results of testing 15 antivirus programs, most of them slip through antivirus protection.

Along with the luminaries of the antivirus industry, our testing also included some exotic software: Avast Antivirus Pro, AVG Anti-Malware, Avira AntiVir Personal Edition Premium, BitDefender, CA Antivirus Plus, ClamWin, Dr.Web, F-Secure Antivirus, McAfee VirusScan, Microsoft OneCare, and Trend Micro Antivirus + Antispyware.

The basic mechanism for detecting malicious software is still searching files for known character sequences (signatures). The quality of signature recognition is determined by checking against a set of ITW viruses (from the English "In The Wild": viruses that pose a real danger to the user at the time of testing). However, this approach has become dominant, if only because it does not cover the class of malicious software that is most active at the moment, Trojan horses. In addition, this list of viruses is not updated very often and is constantly becoming obsolete, and the list itself, consisting of approximately 1,400 specimens, is too small. Therefore, ITW testing was performed here only for the sake of completeness of the experiment, and its results were not taken into account in the final scores.

Avast! and Kaspersky Anti-Virus did not show themselves at their best here: although on-demand scanning found all the viruses from the ITW set, both packages missed one file when scanning on the fly, which points to problems with scan quality. ClamWin and Dr.Web had more significant failings, missing 25 and 7 viruses respectively.

In our own testing, the antivirus programs had to check a virus database of more than a million worms, backdoors, bots and Trojans. It contained only malicious code that had really been active in the past six months; extinct dinosaurs from the days of DOS and Windows 95 were not considered.

In testing we wanted the highest possible recognition rate, but we realized that no scanning method can detect all viruses. The Avira product came closest to the ideal with an impressive result of over 99% recognition. Three more products achieved the 95% required for a positive assessment: Avast!, AVG and BitDefender. Besides ClamWin and Dr.Web, which, as already mentioned, did not do very well in this test, CA Antivirus also looked weak with a result of 55%, which is not enough for protection.

Good results were obtained in detecting adware and spyware, for which the test database consisted of 25,000 programs. Whereas special anti-spyware utilities used to be needed to combat it, developers now include this category of malware in their signature data as well. We did not misspeak: the term "malware" is quite appropriate, since a tool that can fish for sensitive information or compile lists of users' interests and send them across the network fully deserves this title. Incidentally, the programs that coped well with the virus "zoo" also proved excellent in the spyware detection tests. CA Antivirus and Norton Antivirus performed poorly in this test.

A positive aspect of the overall picture is that developers have increased the frequency of updates, as well as the speed of response to new virus threats. Softwin and Kaspersky Anti-Virus lead in this regard. Only users of CA Antivirus, McAfee and Microsoft have to wait for updated signatures on average more than 12 hours longer than with the fastest competitor. And the updates from Microsoft OneCare were even more than a day late.

I see what you cannot see
Why good signature recognition results and short intervals between updates are not enough to reliably protect your computer can be shown with a simple calculation. Suppose a developer manages, within an hour of a new Trojan horse appearing, to create the necessary signatures, check them and send them to customers. During this time, however, the malicious software is being spread through a network of bots with about 10 000 active zombie computers. Each of them can send an e-mail every three seconds (that is, more than a thousand per hour). As a result, the owner of the bot network will have time to reach about 10 million victims before they receive the first signature. Of course, some of the figures can be disputed, but the general principle is clear: in the event of an epidemic, the signature is always late.

To create programs that detect previously unknown pests, developers began to use heuristics. These make it possible, in particular, to identify typical code sequences or to issue a warning if the program being checked tries to load a resident module into memory.

In our test, the antivirus programs had to detect new viruses using old signatures.

Testing the behavioral analyzer

Behavioral analysis (proactive defense) differs from the signature and heuristic methods, which serve only to detect the malicious files themselves. The difference in testing begins with the selection of viruses that none of the tested packages can identify by signature. When launched, the virus must land in the same environment every time and, for example, be able to download its components from the net, even though the relevant servers may have ceased to exist by the time of testing.

During testing, the virus is allowed to run and its behavior is observed, as well as how the protection program responds. If the protection offers to interrupt it, the testing stops. It is then checked whether the virus managed to infiltrate and cause damage, or whether its attack was successfully repelled and the opened files and registry keys were removed.

In total, twelve viruses that pose a threat to Windows were tested (Spy.VB.QJ, Packer, DNS-Changer.OL, Rbot.BMR, Hmir.DK, Delf.FYR, IRCBot.CHR, Agent.CDM, RBot.XKW, PcClient.BAL, Pakes.AKT, Zlob.KF). In scoring, a program receives one point if in the end the computer was not infected, that is, the virus was unable to install its executable components. If the antivirus ensured that the system was not infected at the next start, it got half a point.

Behavior-based recognition is prone to errors, especially if it is used only for reporting on certain actions that also happen during normal operation. Therefore, we checked the proportion of false positives by installing and updating ten standard programs such as ICQ, Winamp or Microsoft Office.

Rescue anchor
It has been known for several years that signature-based recognition does not provide reliable protection and that heuristics are not highly reliable. The solution to this problem is also known: the antivirus monitor must also recognize previously unknown malware by its behavior. When suspicious activity increases, it warns the user and offers to stop the program that could harm the computer, or even to undo some previously performed actions. This feature, called "proactive protection" (Proactive Guard; the behavioral analyzer can also be called a Behavioural Blocker), is found in the descriptions of many software products.

Our testing showed rather disappointing results. Only F-Secure Deepguard from F-Secure did well: it recognized all 12 "pests" and in most cases was able to prevent infection. Kaspersky Anti-Virus and BitDefender also detected malicious software by its behavior. However, they could not completely prevent infection of the system.

McAfee, Norton, Microsoft and Trend Micro take the path of least resistance and leave it to users to evaluate the behavior of suspicious applications. If you use antivirus software from these manufacturers, you will run more than once into messages of the kind often encountered at the dawn of software firewalls: "Program XYZ wants to perform some action - do you want to allow it?". The catch is that these messages almost always relate to individual actions, such as adding an entry to the startup section of the registry. Even if the user blocks this action, the virus is still not rendered harmless, and some of its components may remain active. In addition, such warnings often appear during the installation of harmless programs. A Trojan well disguised as a video codec is unlikely to be exposed this way, since the user wants to install this program on the computer.

These results are confirmed by our experiments with simple keyloggers, built from existing code snippets, which record keyboard input without the user noticing. One of the loggers was added to the registry as a startup item, the other was installed as a kernel driver, the third as a service, and the latter additionally established a connection to an IRC server. Here only the programs from F-Secure, BitDefender and Kaspersky Lab showed acceptable results. F-Secure recognized all the keyloggers as applications with a high level of danger, which was reflected in the form of a rating. Kaspersky Anti-Virus reported the installation of a suspicious driver and noted the creation of new files and their registration as a startup item and as a service. BitDefender's B-Have identified all the keyloggers by their behavior, with the exception of the fake kernel driver.

The software from McAfee and Trend Micro registered only the registry change made by the first loggers. In OneCare and NOD32, heuristic analysis detected only the first keylogger, which writes its data to the registry branch responsible for startup. The other antivirus programs were not able to find anything.

The game of hide and seek
Although more viruses use rootkit techniques to hide their presence in the system, only a few antivirus programs are adequately prepared for this. Only the programs from F-Secure, Norton and Panda could detect and remove all active rootkits during testing, although we used only widely known and available samples. The fact that AVG detects only inactive rootkits cannot be counted in its favour, even though the program has a separate module for finding rootkits. ClamWin, Dr.Web, McAfee and Microsoft's OneCare have virtually nothing to counter this type of threat.

If a rootkit attack is suspected, a bootable emergency disk, with which you can scan the system without booting it, is particularly important. However, many manufacturers still skimp on these disks. And where they do not skimp, the result is obviously junk: the Symantec disk, as before, boots a DOS virus scanner whose signatures are dated 2002, and Panda offers a Linux-based bootable CD that provides access to NTFS disk partitions in read-only mode.

Another method used to deceive antivirus scanners is to use archive files that they cannot open. In this case, attackers change the access rights to the content of, for example, a ZIP file so that the virus scanner cannot open it, while the utilities installed on the computer still can. Thus, the virus can remain undetected when checked at the mail gateway.

We tested the resistance of the antivirus programs to such concealment methods with 28 specially prepared archive files in .rar, .zip and .cab format. They can be opened with standard software such as the ZIP support integrated into Windows, WinZIP, WinRar or 7zip. However, only F-Secure found the virus hidden in all the modified files.

Similarly, malicious code that uses a security hole in browsers can be made invisible to antivirus software. It has long been known that Internet Explorer ignores certain elements of the code of HTML pages. For example, an attacker can pad his exploits with null bytes to make them differ from the samples in the antivirus database. The trick with the added null bytes got past all the antivirus software except BitDefender. The other programs issued warnings, but the exploits could confuse them.
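As an added example (not from the magazine or this post), here is a Python sketch of a scanner front end that counters the two concealment methods above: an archive or member it cannot unpack gets an explicit "uninspectable" verdict instead of "clean", and signatures are matched on a NUL-stripped copy of the content as well as on the raw bytes. The signature, file names and sample data are constructed and harmless, and the three-verdict policy is an assumption about how a mail gateway would act on the result.

```python
import io
import zipfile
import zlib

CLEAN, INFECTED, UNINSPECTABLE = "clean", "infected", "uninspectable"

# Constructed, harmless stand-in for a signature database (not a real signature).
SIGNATURES = {b"HARMLESS-TEST-MARKER-0001": "Test.Marker.A"}


def match_signature(data: bytes):
    """Match on the raw bytes and on a copy with NUL bytes removed.

    Returns (name, padded); padded is True when the pattern matched only
    after the NUL bytes were stripped, i.e. the content had been padded.
    """
    stripped = data.replace(b"\x00", b"")
    for pattern, name in SIGNATURES.items():
        if pattern in data:
            return name, False
        if pattern in stripped:
            return name, True
    return None, False


def scan_bytes(label: str, data: bytes):
    """Scan one piece of content (an HTML page, an archive member)."""
    name, padded = match_signature(data)
    if name is None:
        return CLEAN, []
    note = " (matched only after NUL stripping)" if padded else ""
    return INFECTED, [f"{label}: {name}{note}"]


def scan_archive(blob: bytes):
    """Scan a ZIP archive; anything that cannot be read is never 'clean'."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile as exc:
        return UNINSPECTABLE, [f"archive: {exc}"]
    hits, unread = [], []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # bit 0 of the flags: member is encrypted
                unread.append(f"{info.filename}: encrypted member")
                continue
            try:
                data = zf.read(info)  # also verifies the member's CRC-32
            except (zipfile.BadZipFile, zlib.error,
                    NotImplementedError, EOFError) as exc:
                unread.append(f"{info.filename}: {type(exc).__name__}")
                continue
            _, notes = scan_bytes(info.filename, data)
            hits.extend(notes)
    if hits:
        return INFECTED, hits + unread
    if unread:
        return UNINSPECTABLE, unread  # gateway policy: hold, do not deliver
    return CLEAN, []


def make_zip(members: dict) -> bytes:
    """Build a constructed sample archive in memory (stored, uncompressed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def damage(blob: bytes, needle: bytes) -> bytes:
    """Flip one byte of a stored member so that its CRC-32 no longer matches."""
    out = bytearray(blob)
    out[blob.index(needle)] ^= 0xFF
    return bytes(out)


if __name__ == "__main__":
    padded = b"<html>HARM\x00LESS-TEST-\x00\x00MARKER-0001</html>"
    good = make_zip({"readme.txt": b"plain text body"})
    for label, result in [
        ("padded page", scan_bytes("page.html", padded)),
        ("good archive", scan_archive(good)),
        ("damaged archive", scan_archive(damage(good, b"plain"))),
        ("truncated archive", scan_archive(good[:30])),
    ]:
        print(label, "->", result)
```

A scanner that catches the read error and reports such an archive as clean is exactly the gap the 28-archive test probes; returning a separate verdict lets the gateway hold the message for manual review.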

Vista and antivirus
All tests were performed on computers running Windows Vista. This did not cause any difficulty, as most manufacturers had already adapted their programs to it.

Only the new rights model may create some problems, because for a full system scan the antivirus scanner has to obtain the necessary rights through User Account Control (UAC). Thus AVG and CA Anti-Virus must be started manually by an administrator in order to check absolutely all files. Otherwise the virus scanner simply skips other users' folders. With F-Secure Anti-Virus it is more difficult still: the program ignores other users' folders even when it has the necessary rights. Such a folder can be scanned only if you go into it and allow the action in the User Account Control pop-up window. With Avast and Dr.Web, the user must enter an administrator password for special operations when using a limited account.

Additionally, we tested the software on computers running Windows XP. We found virtually no differences between the results of the antivirus software under Vista and XP. It should be borne in mind, however, that with specific functions such as proactive protection and rootkit detection, different results may be obtained in some cases on computers with Windows XP.

A bit of everything
To determine whether an antivirus slows down the computer, we performed two tests. First, the program checked about 8,000 files totalling 741 MB for viruses. To evaluate on-the-fly scanning, we also copied files on the hard disk, which takes 47 seconds without an antivirus.

NOD32 showed high speed; programs such as Avast!, AVG, Antivir, OneCare, Norton, Panda and TrendMicro also do not slow the system down much. Significantly worse results were shown by F-Secure, which slows down considerably because of its four antivirus engines, and by Kaspersky Anti-Virus, whose use significantly increased the waiting time when copying folders with files.

Most antivirus programs discreetly monitor mail clients and scan incoming and outgoing messages. The presence of this function should not be a deciding factor in choosing antivirus software, because even without it the program will still warn you when you try to open or save an attached file. Besides, the antivirus is helpless anyway when an encrypted connection is used.

A major problem may be the insufficient quality of the antivirus programs' source code. In 2007, critical security holes were found in virtually all well-known antivirus products, which casts doubt on the reliability of the entire field of antivirus software. For our test, we asked manufacturers what measures they had taken to improve the security of their software products. The few responses could not be fully assessed or checked against reality. Therefore, the question remains open.

I do not intend to publish the assessments of each product given in the article, but you can judge from the summary table and the conclusions in the course of the article.

Conclusion

NOD32 was the only test participant that could detect more than two-thirds of new malicious programs; BitDefender is in second place with a score of 41%, and the other antivirus programs can recognize every third threat or even fewer. In this case, one can hardly speak of reliable protection of your computer. Such low results can be explained by the fact that developers of malicious software have been paying more attention to optimizing their creations. Of particular concern is the fact that during the test the antivirus programs could not detect some viruses that they had successfully found a year ago.

The solution to this problem may be behavioral detection of malicious programs, which, however, is currently well implemented in only one program, Anti-Virus 2008 by F-Secure. In this situation it is difficult to recommend a particular product, because no program showed excellent results, and so none can guarantee the security of your computer. The F-Secure antivirus did not show itself at its best in finding spyware and is very demanding of system resources. A reasonable compromise is BitDefender, which also has high speed, showed good results in heuristic analysis, recognizes almost all rootkits and has good prospects in the field of behavioral analysis. One of the few criticisms of this program is its large number of false positives.
Added by: w1zard